package com.test.system.admin.shiro;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

/**
 * @author 徒有琴
 */
public class MyShiroRoleFilter extends AuthorizationFilter {
    /**
     * @param servletRequest
     * @param servletResponse
     * @param o               访问当前菜单需要拥有的角色列表  roles[]
     * @return
     * @throws Exception
     */

    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object o) throws Exception {
        String[] roleIds = (String[]) o;
        Subject subject= SecurityUtils.getSubject();
        for (String roleId : roleIds) {
            if(subject.hasRole(roleId)){
                return true;//只要有其中一个角色，就可以访问
            }
        }
        return false;
    }
}
